Sword & Shield Enterprise Security, Inc. - Security Advisory
www.sses.net, Copyright (c) 2000

SUMMARY
- -------
The TalentSoft Web+ server allows users to read arbitrary data files on
the Web server running the webpsvr daemon. By entering a crafted URL any
user with a browser can retrieve files that the webpsvr daemon itself has
access to.

http://yourhost.com/cgi-bin/webplus?script=/../../../../etc/passwd